These required roles refer to Cloudera Navigator user roles. Users with the Cloudera Manager user roles Navigator Administrator or Full Administrator who log into the Cloudera Navigator Web UI
with their Cloudera Manager credentials are logged into Cloudera Navigator with the Full Administrator Cloudera Navigator user role.

This section assumes that values for your LDAP or Active Directory directory service have been configured in Cloudera Manager as described in Configuring External Authentication for Cloudera Navigator. This section also assumes that your LDAP or Active Directory
service contains user groups that correspond to Cloudera Navigator user roles having the permissions you want each group of users to have. If not, you should assign your users to such groups now. The
Cloudera Navigator user roles are as follows:

To add or remove Cloudera Navigator user roles to LDAP or Active Directory user groups, you should know the names of the directory groups you want to configure, and then perform the
following steps:

Do one of the following:

Enter the URL of the Navigator UI in a browser: http://Navigator_Metadata_Server_host:port/, where Navigator_Metadata_Server_host is the name of the host on which you are running the Navigator Metadata
Server role and port is the port configured for the role. The default port of the Navigator Metadata Server is 7187. To change the
port, follow the instructions in Configuring the Navigator Metadata Server
Port.

Select Clusters > Cloudera Management Service
> Cloudera Navigator.

Navigate from the Navigator Metadata Server role:

Select Clusters > Cloudera Management
Service.

Click the Instances tab.

Click the Navigator Metadata Server role.

Click the Cloudera Navigator link.

Log in to Cloudera Navigator with the credentials of a user having one or more of the following user roles:

Cloudera Manager Full Administrator

Cloudera Manager Navigator Administrator

Cloudera Navigator Full Administrator

Cloudera Navigator User Administrator

Click the Administration tab in the upper right.

Click the Role Management tab.

Search for an LDAP or Active Directory group by entering its name (or the first portion of the name) in the search field and pressing Enter or
Return.

Select All Groups to search among all groups in the external directory.

Select Groups with Navigator Roles to display only external directory groups that have already been assigned one or more Cloudera Navigator user
roles.

From the LDAP or Active Directory groups displayed, select the group to which you want to assign a Cloudera Navigator user role or roles. If roles have already been assigned to the
group, they are listed beneath the name of the group in the main panel.

Click Manage Role Assignment in the upper right.

Click the checkbox for each Cloudera Navigator user role you want assigned to that Active Directory or LDAP group. Uncheck any already-assigned roles that you want to remove from the
group.

Click Save.

If a user's role assignments are changed, the changes take effect with the user's next new session, that is, the next time the user logs in to Cloudera Navigator.

If this documentation includes code, including but not limited to, code examples, Cloudera makes this available to you under the terms of the Apache License, Version 2.0, including any required
notices. A copy of the Apache License Version 2.0 can be found here.